Cyber security, like other national security aspects, is government responsibility and it is obvious that the NHS electronic information system and data have not been effectively protected, because of the outdated hardware and software as well as inadequate security arrangements – a classic example of under-investment in the NHS.

The attack was focused on a vulnerability found on Windows operating systems which has been targeted by majority viruses.

The exploit used to cause the infection is known as EternalBlue and appears to have infiltrated the NHS Network via NHS computers running Windows XP – this operating system was released in 2001, and is no longer supported by Microsoft as of April 8th 2014.

It has been claimed by the former chairman of NHS Digital Kingsley Manning, that the Government would have been “well aware” that there were still several hundred thousand NHS computers still running Windows XP.

The existence of the EternalBlue exploit was made public in April 2017 as Microsoft released a patch for it in March 2017. The ransomware (known as WannaCry) used the EternalBlue exploit to infiltrate the NHS Network.

All this raise the following questions:

Does Theresa May’s government take the threat of cyber-attacks and exposed systems with exploits seriously?
If the statement by the former Chairman of NHS Digital is accurate, then why the government had not done more to help NHS to update their computers?
Why is the NHS that holds sensitive and confidential data using Windows on computers, when the majority of viruses target the Windows Operating System?
As Microsoft had released a patch for the virus in March 2017, why the government mismanaged the handling of the NHS so badly that the computers had still not been patched as of May 2017?
Who is paying for the cost of the digital “clean-up”, the NHS or the government; either way the taxpayer is paying to clean up yet another mess by the government?
Home Secretary Amber Rudd would like us to believe that no patient data was affected. If this turns out to be incorrect, what rights will the general public have as remedy, and will they be told about the extent to which their personal data has been compromised?
In terms of the bigger picture, Theresa May has been trying to widen the scope of the powers available under the Investigatory Powers Act 2016. If she cannot even control the actions of the NHS and protect computers from an exploit that had an available patch two months ago, then how can she guarantee protection of the data that her government is aggressively fighting to access, and that those accessing the data will act responsibly when the NHS has failed to do so?
As the exploit EternalBlue was first identified by the American National Security Agency, and Theresa May has a special relationship with Trump, how is it that she was not informed of the exploit sooner? On the other hand, if she was informed, then how is it that in two months since the discovery of EternalBlue, Theresa May did nothing to secure vulnerabilities on NHS computers?14/5/2017